[UNCLASSIFIED]RE: [clug] Detecting malicious former employees

Tomasz Ciolek tmc at vandradlabs.com.au
Tue Sep 12 03:14:01 GMT 2006

Thats the way... 

But simple questions are:

1. what are you protecting from?
2. what are you mitigating against?
3. is it cheaper/feasible to not secure it, and wear the fallout?

Answer those and that dicates the lengths you go to...


On Tue, Sep 12, 2006 at 01:09:16PM +1000, Alex Satrapa wrote:
> On 12 Sep 2006, at 12:47, Michael Still wrote:
> >You also need to rename their .ssh/authorized_keys file, or ssh  
> >will allow execution of programs (I think. I need to test this).
> Ideally, you'd have some way of generating authorized_keys files  
> based on known trusted keys. After all, a truly malicious  
> administrator might go generating fake keys for "trusted" employees,  
> eg: I could go putting my fake keys into Bob and Charli's accounts,  
> so that after my account was disabled I still have SSH access to the  
> system using other people's accounts.
> Wow... once you start getting paranoid, security gets more and more  
> expensive!
> Alex
> -- 
> linux mailing list
> linux at lists.samba.org
> https://lists.samba.org/mailman/listinfo/linux

Tomasz M. Ciolek	
 tmc at vandradlabs dot com dot au 
   GPG Key ID:		0x41C4C2F0
   GPG Key Fingerprint: 3883 B308 8256 2246 D3ED  A1FF 3A1D 0EAD 41C4 C2F0
   Key available on good key-servers

More information about the linux mailing list